General

  • Target

    fd164c4c121371f94cfd3a034ad8cf8edc7c0f7141a8f4c9da1683d41b212a87

  • Size

    122KB

  • Sample

    210617-43fdjrg18n

  • MD5

    fc9edc350d7ffdcb9e53390dae26ea5a

  • SHA1

    06b1f63eb58202a630cfab82c608111a53177db3

  • SHA256

    fd164c4c121371f94cfd3a034ad8cf8edc7c0f7141a8f4c9da1683d41b212a87

  • SHA512

    84b377ea7f5b066b26f2ba60d3b9dc7fbb088d2f0cca16716bc99fc7bfcdd6f1451bcf3b134b925c090f291bb97fdc5f589dd645795e4d1e5c124a316756c86a

Malware Config

Extracted

Family

sodinokibi

Botnet

$2a$12$irtGRP4st4HecwXrwL..XOpjvJSwKoA8t9N/dM/oUt9RO.fiQsZCu

Campaign

7901

C2

freie-baugutachterpraxis.de

centromarysalud.com

the-domain-trader.com

punchbaby.com

heliomotion.com

executiveairllc.com

milltimber.aberdeen.sch.uk

tradiematepro.com.au

jacquin-maquettes.com

mediaacademy-iraq.org

portoesdofarrobo.com

cimanchesterescorts.co.uk

thaysa.com

ussmontanacommittee.us

rerekatu.com

journeybacktolife.com

videomarketing.pro

i-trust.dk

pmcimpact.com

kingfamily.construction

Attributes

  • net

    true

  • pid

    $2a$12$irtGRP4st4HecwXrwL..XOpjvJSwKoA8t9N/dM/oUt9RO.fiQsZCu

  • prc

    firefox

    dbsnmp

    excel

    isqlplussvc

    onenote

    outlook

    agntsvc

    thunderbird

    powerpnt

    mspub

    xfssvccon

    tbirdconfig

    sql

    winword

    infopath

    ocautoupds

    dbeng50

    ocssd

    encsvc

    wordpad

    sqbcoreservice

    thebat

    synctime

    msaccess

    steam

    oracle

    mydesktopservice

    ocomm

    visio

    mydesktopqos

  • ransom_oneliner

    All of your files are encrypted! Find {EXT}-readme.txt and follow instuctions

  • ransom_template

    ---=== Welcome. Again. ===--- We strongly encourage You to pay your attention to this message and read it to the end. All Your files are encrypted, and currently unavailable, now all files on your system has extension {EXT} Before that, all of your most important personal and business files were backed up to our secure offline storage. We took them for temporary storage - but we don't need your files and we are not personally interested in your business. Our encryption algorithm is the most technically difficult and max resistant to burglary. Only OUR specialists can decrypted your files without loss(!) Any attempts to decrypt files on your own lead to damage them beyond repair(!) Best way to you will be consent to negotiations and mutual agreement between us. To connect us you need to download TOR browser and follow the link to begin negotiations.(You can find full instructions below.) We are waiting You and ready to listen all your offers and discuss them. If You will ignore this letter - we will have to sell closed auction all yours private files, photoes, business correspondence, documents and business files + with our analysis of your work activity (weakness of your business, financial violations and the opportunity to profit from this information). It will offset our financial losses. Or we'll just put all your files in the public domain, where everyone can download and use them as they wish. * For TOR Browser http://dnpscnbaix6nkwvystl3yxglz7nteicqrou3t75tpcc5532cztc46qyd.onion/ We are known as "Sodinokibi (REvil) Ransomware". For example, this article: https://www.coveware.com/blog/2019/7/15/ransomware-amounts-rise-3x-in-q2-as-ryuk-amp-sodinokibi-spread You have a guarantee that your files will be returned 100 %. And remember, this is only business, nothing personal.. We have a concept of business honor, and we can promise something if we come to a mutual agreement: 1. We guarantee to decrypt all your files in the shortest possible time 2. We will delete all your files and forget about your company. 3. We will show your weaknesses in your networks. .-= INSTRUCTIONS TO CONNECT =-. How to get access on website? You have two ways: 1) [Recommended] Using a TOR browser! a) Download and install TOR browser from this site: https://torproject.org/ b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/{UID} 2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this: a) Open your any browser (Chrome, Firefox, Opera, IE, Edge) b) Open our secondary website: http://decoder.re/{UID} Warning: secondary website can be blocked, thats why first variant much better and more available. When you open our website, put the following data in the input form: Key: {KEY} ---------------------------------------------------------------------------------- !!! DANGER !!! DONT try to change files by yourself, DONT use any third party software for restoring your data or antivirus solutions - its may entail damge of the private key and, as result, The Loss all your data!

  • sub

    7901

  • svc

    vss

    svc$

    veeam

    memtas

    sql

    backup

    mepocs

    sophos

Extracted

Path

C:\w4cw6ha-readme.txt

Ransom Note

---=== Welcome. Again. ===--- We strongly encourage You to pay your attention to this message and read it to the end. All Your files are encrypted, and currently unavailable, now all files on your system has extension w4cw6ha Before that, all of your most important personal and business files were backed up to our secure offline storage. We took them for temporary storage - but we don't need your files and we are not personally interested in your business. Our encryption algorithm is the most technically difficult and max resistant to burglary. Only OUR specialists can decrypted your files without loss(!) Any attempts to decrypt files on your own lead to damage them beyond repair(!) Best way to you will be consent to negotiations and mutual agreement between us. To connect us you need to download TOR browser and follow the link to begin negotiations.(You can find full instructions below.) We are waiting You and ready to listen all your offers and discuss them. If You will ignore this letter - we will have to sell closed auction all yours private files, photoes, business correspondence, documents and business files + with our analysis of your work activity (weakness of your business, financial violations and the opportunity to profit from this information). It will offset our financial losses. Or we'll just put all your files in the public domain, where everyone can download and use them as they wish. * For TOR Browser http://dnpscnbaix6nkwvystl3yxglz7nteicqrou3t75tpcc5532cztc46qyd.onion/ We are known as "Sodinokibi (REvil) Ransomware". For example, this article: https://www.coveware.com/blog/2019/7/15/ransomware-amounts-rise-3x-in-q2-as-ryuk-amp-sodinokibi-spread You have a guarantee that your files will be returned 100 %. And remember, this is only business, nothing personal.. We have a concept of business honor, and we can promise something if we come to a mutual agreement: 1. We guarantee to decrypt all your files in the shortest possible time 2. We will delete all your files and forget about your company. 3. We will show your weaknesses in your networks. .-= INSTRUCTIONS TO CONNECT =-. How to get access on website? You have two ways: 1) [Recommended] Using a TOR browser! a) Download and install TOR browser from this site: https://torproject.org/ b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/8B4BAB960311B039 2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this: a) Open your any browser (Chrome, Firefox, Opera, IE, Edge) b) Open our secondary website: http://decoder.re/8B4BAB960311B039 Warning: secondary website can be blocked, thats why first variant much better and more available. When you open our website, put the following data in the input form: Key: LIRUv8mSeD/Z36hDkV3wX9inKpx4Y1RpuoTguTZeRdlYKacnCllHg1ZjuVlJh8Bf vjzHjVJIAV6tTFFahs78tZLTRYFYH4Ann9VrPh4Ss7KAT1ogEKipytpSoG+X5L+U Ulb/AS18crPUpMFtlMcnbCRXwEK8Seh78hRwY0xQnsuf/5Wza4Hd312v1U6cgHm/ 9Plw6zb++vO8hCeyCaFJmnxR35LXOpfsIQGzAzLdQ2B/tkUQ/z5AOGuQA+a0Iwp6 YvIOaMCVuN3xnT0+hMs6/kjlqDMi3Wog0rBD8OGcmix5EzbmqQjps5E3307t5BWe tXua+4XUsuwY9hbEsp05GEw9E3fblMm8TPzAe62mfiFhUJJs3jp3YkAFl5vfDpXw yLCLxy69iYtliB4UczFA5RZlTY/Ti5r4RIRt7H9l6ihyDdfH+ZD/u6YolJCMfxJZ 9CC7PrMDHynuKtdomn7LErYat9e35R0xOq6+friN5vrr5rFpbte6dupY1PprM96p FuvBSe+gceutPvPH9TMdH+uCWOnMTMnvzj3s2TBbDKF4nwW536T6gmrf+LkRi4M/ 9BFgNObBh4Sttko819k6eYGeVno/f7URYdWIKuT6lFejsiZPMoqK8HNKxmiwPAXk Fu/1tBaK1+Pq7EOQqj7Ag7KxfKn0YdtY9cC3Q9/W/C+M2Mn8nKgfpsHOaMVWSl8t Ah4MNMLO2eigzW4VdWRlYTF/QI0plggqJfiRUxE0MDAFpee3GYQGXpdBwbJES5+V gwu69+wiQUUYzHaQ9RTGLF/RqrUIgzuRK/l2PZJCX02FDIkc3qRk0A3CV4r0aBPd +XlcFH1moyZ8KWRLSCzJV0iRgbR27XBYXzYPIh9TeBazeeHg0a9paMEZ4dHx6mkH Z+afYhQeJ6bfM/xnNGnjqkg0JVv8pGILFpjY3KgqcPA6n9ErNI3xAgBgPwr00+GM pLLJILZlToMjqKWqXE6Y5zrjbbUMPCaZQ26VoXe4/E8ht8zFZBfOiVITYmsQ+c6J VuN6lFnOL3FwKsHoQikNypgSXfFFPc4UCYDnAX5iSa03Wg8FepBpOCbhFLfTAjyk kQi9up0Xrz8qcx/TVULwznuoTxF4vHtf/qa3XBlsQIKbVkElv8Z9ZG+zkr/fpmyG bMbDONOZtSXvVJZ2QJ9s+WJfpCRNaaGNEwuB0Gb9LcuzYF+5jxRto+mwXp4/WhZi OFqpbkZwADuJmdaARcyVCcJw9kK7EJgtotPS7xk6YK6UJw11viLBDZqwmBsWJsRi uddzcMGb//NY/Lnd7TgdLgn5oBuJzDgG ---------------------------------------------------------------------------------- !!! DANGER !!! DONT try to change files by yourself, DONT use any third party software for restoring your data or antivirus solutions - its may entail damge of the private key and, as result, The Loss all your data!

URLs

http://dnpscnbaix6nkwvystl3yxglz7nteicqrou3t75tpcc5532cztc46qyd.onion/

https://www.coveware.com/blog/2019/7/15/ransomware-amounts-rise-3x-in-q2-as-ryuk-amp-sodinokibi-spread

http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/8B4BAB960311B039

http://decoder.re/8B4BAB960311B039

Extracted

Path

C:\42f3y9eo-readme.txt

Ransom Note

---=== Welcome. Again. ===--- We strongly encourage You to pay your attention to this message and read it to the end. All Your files are encrypted, and currently unavailable, now all files on your system has extension 42f3y9eo Before that, all of your most important personal and business files were backed up to our secure offline storage. We took them for temporary storage - but we don't need your files and we are not personally interested in your business. Our encryption algorithm is the most technically difficult and max resistant to burglary. Only OUR specialists can decrypted your files without loss(!) Any attempts to decrypt files on your own lead to damage them beyond repair(!) Best way to you will be consent to negotiations and mutual agreement between us. To connect us you need to download TOR browser and follow the link to begin negotiations.(You can find full instructions below.) We are waiting You and ready to listen all your offers and discuss them. If You will ignore this letter - we will have to sell closed auction all yours private files, photoes, business correspondence, documents and business files + with our analysis of your work activity (weakness of your business, financial violations and the opportunity to profit from this information). It will offset our financial losses. Or we'll just put all your files in the public domain, where everyone can download and use them as they wish. * For TOR Browser http://dnpscnbaix6nkwvystl3yxglz7nteicqrou3t75tpcc5532cztc46qyd.onion/ We are known as "Sodinokibi (REvil) Ransomware". For example, this article: https://www.coveware.com/blog/2019/7/15/ransomware-amounts-rise-3x-in-q2-as-ryuk-amp-sodinokibi-spread You have a guarantee that your files will be returned 100 %. And remember, this is only business, nothing personal.. We have a concept of business honor, and we can promise something if we come to a mutual agreement: 1. We guarantee to decrypt all your files in the shortest possible time 2. We will delete all your files and forget about your company. 3. We will show your weaknesses in your networks. .-= INSTRUCTIONS TO CONNECT =-. How to get access on website? You have two ways: 1) [Recommended] Using a TOR browser! a) Download and install TOR browser from this site: https://torproject.org/ b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/E18E5A89CD614942 2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this: a) Open your any browser (Chrome, Firefox, Opera, IE, Edge) b) Open our secondary website: http://decoder.re/E18E5A89CD614942 Warning: secondary website can be blocked, thats why first variant much better and more available. When you open our website, put the following data in the input form: Key: kwdqbKVSs2WUJj6cfNCWVh8ULPTqPnngYoZzB7Awyp2pnqWyYUnRZxlxgDpL4vs8 A7SHIwy0cZHQOHS3ok65TndNZNY7RYGsul9ruGmeDwbQ09++5fVKjxWYCQLyDdQc BZLjNecCLXlJxzHKlmcUUmZgu/GVlMIpeVvY5+Z1Z36zHYCJ4oRMfgxfRLeAVBe6 V4Igoq1VUFr8U42W418W8Z3rLvOmvMu4FarhkieaA0rEPkv0wuNOuRKfxHT6FyrM mWOG9Y8AGGYzT56A5ufG8EQSUI6AryR+Bd/FrxlnDuj7acnIjZXoGD9/8WFi1TKo 76l09ovPCzYWNs3GFiIgReGgBQ5SX1ssfwA2twapGqywSI6TNahWHA5qHZCp7wps ke5JeboCk8GUi8JWqqPMfV81icBXqICeHwhF4vTuOWYjC0Q22aVd1VoAkccAbMh3 AG6oMSUr3QTq7R40ziP+q/yqxEwdi3oqq7vzGxce6iXu2XjPPeUd7Jy0H2l3atX8 SXH6faqmYMVghpyz1JmgzkEAaKgNaYdj+Fe9mTM2iP+3FnQ1d8OQXkviPhl9zDvf EN1jIMgXsu9C7AG82XJgfmMtoxXb3j6DjPtm/12SZ1ppmEDyJ9+htoQGwyEJnhdq xhX6VBzrtf6XJE1JcyEnRT3JsyOLbPgLuTDR8Mjr4U/PF9Id5AlE5eA/5ikM1k/Z VPIM1BE2qTV/72YYqfKZqOQ6CmSAOpkpKC9Cz22N0XqqtfgXKiWbRmzmBWYISozf CRNpvDDA9s2LxcFB1Nk+brNAF/6JVDnJOZwxO3hrqPFKxE6Ep2jrbYVSKttQGKqs PFGKAFm/ZhvM/isn4hUU4rlqVqeNcWV9sNEaXt0NGxS4lcnINhszMZTQ9Qb15ZIn 2ELI3Y6KVtr+YtlvkwlJ9FvT4Q2T1WI5YoVP1vd3pXbtoHeEB2IwbbaFzRPLptaa K5LnVNICFCpAsMdLhWcn0FOm1rof3XcEylLC/D2Gh1ZL54gEmclHAQgUdwqVpVN7 2IfEoTzWzj1cw/S9k5uQx1+WP5O+uODc1VqPRnpkvz5QbddKKYSReWkrNyELyNLm 4D5YCPc/uDBeoY7ZT5J+9Aaepw0aCYsTCGVh56E4r0KcXusYg8im0mB5RuDEDRVF 5N7HrSFHqc/qs/4oGbpAQ7EqGT3NtsD4x+NxAAMOv4bhekx7bTjGnANVO66YDUQs i9ey0kA7VJX7ANXFWlhsre4xG0p+gik8vXI8gw8taisaWetc4Ex7uL9IExdGyfTP 8ZaMM6V3xeU6iA== ---------------------------------------------------------------------------------- !!! DANGER !!! DONT try to change files by yourself, DONT use any third party software for restoring your data or antivirus solutions - its may entail damge of the private key and, as result, The Loss all your data!

URLs

http://dnpscnbaix6nkwvystl3yxglz7nteicqrou3t75tpcc5532cztc46qyd.onion/

https://www.coveware.com/blog/2019/7/15/ransomware-amounts-rise-3x-in-q2-as-ryuk-amp-sodinokibi-spread

http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/E18E5A89CD614942

http://decoder.re/E18E5A89CD614942

Targets

    • Target

      fd164c4c121371f94cfd3a034ad8cf8edc7c0f7141a8f4c9da1683d41b212a87

    • Size

      122KB

    • MD5

      fc9edc350d7ffdcb9e53390dae26ea5a

    • SHA1

      06b1f63eb58202a630cfab82c608111a53177db3

    • SHA256

      fd164c4c121371f94cfd3a034ad8cf8edc7c0f7141a8f4c9da1683d41b212a87

    • SHA512

      84b377ea7f5b066b26f2ba60d3b9dc7fbb088d2f0cca16716bc99fc7bfcdd6f1451bcf3b134b925c090f291bb97fdc5f589dd645795e4d1e5c124a316756c86a

    • Modifies Windows Firewall

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v6

Tasks